How to reconnect clients to WSUS after 1809 causes problems after install

4

Doing some testing on our test environment with the 1809 update. This system is not Internet and only gets updates from WSUS. I have tried to stop the services and rename the SoftwareDistribution folder but that didn't help either. I have done the troubleshooter but that doesn't do anything. I have set Delivery Optimization to Simple (99).

I am stopping the attempt to try to connect to the Internet using this GPO setting:

Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not connect to any Windows Update Internet locations 

After running powershell command (New-Object -ComObject 'Microsoft.Update.ServiceManager').Services

I get the result Windows Server Update Service IsDefautlAUService = True

Patched with the 11-2018 update from 2018.11.13 to 17763.134

I have done a Windows Reset on 1809 to see if that fixes the issue but it just shows the same problem. System will not check WSUS for updates and says it cannot connect. It will not even reregister with WSUS since we are set with Client-Side Targetting.

This is what the error show me at the moment. 1809 WSUS error

This is my current log. Trying to find out what the error is with the LoadHistoryEventsFromRegistry. Microsoft has no information on these issues.

    InitializeSus
2018/12/07 07:30:59.6145871 5316  76    IdleTimer       Non-AoAc machine.  Aoac operations will be ignored.
2018/12/07 07:30:59.6146719 5316  76    Agent           WU client version 10.0.17763.107
2018/12/07 07:30:59.6149469 5316  76    Agent           SleepStudyTracker: Machine is non-AOAC. Sleep study tracker disabled.
2018/12/07 07:30:59.6150268 5316  76    Agent           Base directory: C:\WINDOWS\SoftwareDistribution
2018/12/07 07:30:59.6179939 5316  76    Agent           Datastore directory: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
2018/12/07 07:30:59.6190270 5316  76    DataStore       JetEnableMultiInstance succeeded - applicable param count: 5, applied param count: 5
2018/12/07 07:31:00.1001631 5316  76    DataStore       Service 3DA21691-E39D-4DA6-8A4B-B43877BCB1B7 added
2018/12/07 07:31:00.1188537 5316  76    DataStore       Service 9482F4B4-E343-43B6-B170-9A65BC822C77 added
2018/12/07 07:31:00.1202710 5316  76    DataStore       Data store successfully created
2018/12/07 07:31:00.1254989 5316  76    Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2018/12/07 07:31:00.1260950 5316  76    Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2018/12/07 07:31:00.1307344 5316  76    Shared          Network state: Connected
2018/12/07 07:31:00.5661308 5316  76    Agent           Created new random SusClientId 5ee99c27-c788-4ed7-910d-be7ecefcb4d3. Old Id: none.
2018/12/07 07:31:00.5753449 5316  76    Misc            *FAILED* [8024000C] LoadHistoryEventFromRegistry completed
2018/12/07 07:31:00.5756015 5316  76    Shared          UpdateNetworkState Ipv6, cNetworkInterfaces = 0.
2018/12/07 07:31:00.5756166 5316  76    Shared          UpdateNetworkState Ipv4, cNetworkInterfaces = 1.
2018/12/07 07:31:00.5756276 5316  76    Shared          Power status changed
2018/12/07 07:31:00.5819017 5316  76    Agent           WU client refresh cache for DisableWUAccess policy: 1
2018/12/07 07:31:00.5819073 5316  76    Agent           Initializing global settings cache
2018/12/07 07:31:00.5819100 5316  76    Agent           WSUS server: http://WSUS.DOMAIN.460i:8530
2018/12/07 07:31:00.5819125 5316  76    Agent           WSUS status server: http://WSUS.DOMAIN.460i:8530
2018/12/07 07:31:00.5819151 5316  76    Agent           Alternate Download Server: http://IWSUS.DOMAIN.460i:8530
2018/12/07 07:31:00.5819167 5316  76    Agent           Fill Empty Content Urls: No
2018/12/07 07:31:00.5819186 5316  76    Agent           Target group: Update Testing
2018/12/07 07:31:00.5819207 5316  76    Agent           Windows Update access disabled: Yes
2018/12/07 07:31:00.5819227 5316  76    Agent           Do not connect to Windows Update Internet locations: Yes
2018/12/07 07:31:00.5999439 5316  76    Agent           Initializing Windows Update Agent
2018/12/07 07:31:00.6001722 5316  76    Agent           CPersistentTimeoutScheduler | GetTimer, returned hr = 0x80248007
2018/12/07 07:31:00.6001826 5316  76    Agent           CPersistentTimeoutEvent | Resubscribe, no existing/cached timer for Id=29A863E7-8609-4D1E-B7CD-5668F857F1DB.
2018/12/07 07:31:00.6001961 5316  76    Agent           Adding timer: 
2018/12/07 07:31:00.6002034 5316  76    Agent               Timer: 29A863E7-8609-4D1E-B7CD-5668F857F1DB, Expires 2018-12-08 12:31:01, not idle-only, not network-only
2018/12/07 07:31:00.6017327 5316  76    IdleTimer       IdleTimer::NetworkStateChanged. Network connected? Yes
2018/12/07 07:31:00.6152671 5316  2732  DownloadManager HandleScavengeSandboxTask: Cleaning up sandboxes.
2018/12/07 07:31:00.6337411 5316  2732  DownloadManager PurgeExpiredFiles::Found 0 expired files to delete.
2018/12/07 07:31:00.6337679 5316  2732  DownloadManager PurgeExpiredUpdates: Found 0 non expired updates.
2018/12/07 07:31:00.6337761 5316  2732  DownloadManager PurgeExpiredUpdates: Found 0 expired updates.
2018/12/07 07:31:00.6446587 5316  2732  DownloadManager Received power state change notification: Old: <unknown>; New: AC.
2018/12/07 07:31:00.6446609 5316  2732  DownloadManager Power state changed from <unknown> to AC.
2018/12/07 07:32:12.5240857 5660  9008  ComApi          IUpdateServiceManager::AddService2
2018/12/07 07:32:12.5240922 5660  9008  ComApi          Service ID = {7971f918-a847-4430-9279-4a52d1efe18d}
2018/12/07 07:32:12.5240988 5660  9008  ComApi          Allow pending registration = Yes; Allow online registration = Yes; Register service with AU = Yes
2018/12/07 07:32:12.5302886 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '117CAB2D-82B1-4B5A-A08C-4D62DBEE7782'.
2018/12/07 07:32:12.5302932 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:32:12.5302982 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '855E8A7C-ECB4-4CA3-B045-1DFA50104289'.
2018/12/07 07:32:12.5303011 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:32:12.5303077 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '7971F918-A847-4430-9279-4A52D1EFE18D'.
2018/12/07 07:32:12.5303106 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:32:12.5313973 5316  9004  Agent           Failed to retrieve SLS response data for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, error = 0x8024500c
2018/12/07 07:32:12.5314154 5316  9004  Agent           *FAILED* [8024500C] Caller Service Recovery failed to opt in to service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 (cV: GdfTDldxRUyC9aLL.1)
2018/12/07 07:32:12.5316674 5316  9004  Agent           Failed to retrieve SLS response data for service 855e8a7c-ecb4-4ca3-b045-1dfa50104289, error = 0x8024500c
2018/12/07 07:32:12.5316725 5316  9004  Agent           *FAILED* [8024500C] Caller Service Recovery failed to opt in to service 855e8a7c-ecb4-4ca3-b045-1dfa50104289 (cV: GdfTDldxRUyC9aLL.2)
2018/12/07 07:32:12.5318996 5316  9004  Agent           Failed to retrieve SLS response data for service 7971f918-a847-4430-9279-4a52d1efe18d, error = 0x8024500c
2018/12/07 07:32:12.5319045 5316  9004  Agent           *FAILED* [8024500C] Caller UpdateOrchestrator failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d (cV: GdfTDldxRUyC9aLL.3)
2018/12/07 07:32:12.5319174 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '7971F918-A847-4430-9279-4A52D1EFE18D'.
2018/12/07 07:32:12.5319205 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:32:12.5322116 5660  9008  ComApi          Deferred service opt-in
2018/12/07 07:32:12.5366676 5660  9008  ComApi          *FAILED* [800704C6] CheckNetworkCostForCostPolicy
2018/12/07 07:33:57.7948349 5660  9008  ComApi          IUpdateServiceManager::AddService2
2018/12/07 07:33:57.7948410 5660  9008  ComApi          Service ID = {7971f918-a847-4430-9279-4a52d1efe18d}
2018/12/07 07:33:57.7948479 5660  9008  ComApi          Allow pending registration = Yes; Allow online registration = Yes; Register service with AU = Yes
2018/12/07 07:33:57.7984642 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '117CAB2D-82B1-4B5A-A08C-4D62DBEE7782'.
2018/12/07 07:33:57.7984751 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:33:57.7984884 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '855E8A7C-ECB4-4CA3-B045-1DFA50104289'.
2018/12/07 07:33:57.7984960 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:33:57.7985083 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '7971F918-A847-4430-9279-4A52D1EFE18D'.
2018/12/07 07:33:57.7985156 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
2018/12/07 07:33:57.7993250 5316  9004  Agent           Failed to retrieve SLS response data for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, error = 0x8024500c
2018/12/07 07:33:57.7993472 5316  9004  Agent           *FAILED* [8024500C] Caller Service Recovery failed to opt in to service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 (cV: H4qkYaccI0S+sZ8U.1)
2018/12/07 07:33:57.7999318 5316  9004  Agent           Failed to retrieve SLS response data for service 855e8a7c-ecb4-4ca3-b045-1dfa50104289, error = 0x8024500c

Looking for ideas on how to get my clients to call back to my WSUS server. Also this "service" I can't find information on. From what I can tell its a link to a web connection to on online WU. Any help is appreciated of if anyone can tell me any information on how WSUS uses these service IDs or what these FAILUREs are is helpful.

UPDATE 1: Here is the latest I have found. WSUS server shows that the 1809 update was the last update the systems needed to install. The Update installed and the computer restarted and since, NONE of them have checked in. As you can see by the screenshot below. WSUS View

The registry from the effected computers shows that the service IDs that the issues are coming from show up in the pending registry key. Not sure what that means. The machine this Screenshot was taken from I removed from WSUS and cleared the WSUS ID registry key and attempted to reconnect it. The WSUS server has yet to see this computer yet but the log is getting the same errors. See the screenshot below. Registry

The failed Service IDs:

     2018/12/07 07:32:12.5302886 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '117CAB2D-82B1-4B5A-A08C-4D62DBEE7782'.
    2018/12/07 07:32:12.5302932 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
    2018/12/07 07:32:12.5302982 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '855E8A7C-ECB4-4CA3-B045-1DFA50104289'.
    2018/12/07 07:32:12.5303011 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
    2018/12/07 07:32:12.5303077 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '7971F918-A847-4430-9279-4A52D1EFE18D'.
    2018/12/07 07:32:12.5303106 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]
    2018/12/07 07:32:12.5313973 5316  9004  Agent           Failed to retrieve SLS response data for service 117cab2d-82b1-4b5a-a08c-4d62dbee7782, error = 0x8024500c
    2018/12/07 07:32:12.5314154 5316  9004  Agent           *FAILED* [8024500C] Caller Service Recovery failed to opt in to service 117cab2d-82b1-4b5a-a08c-4d62dbee7782 (cV: GdfTDldxRUyC9aLL.1)
    2018/12/07 07:32:12.5316674 5316  9004  Agent           Failed to retrieve SLS response data for service 855e8a7c-ecb4-4ca3-b045-1dfa50104289, error = 0x8024500c
    2018/12/07 07:32:12.5316725 5316  9004  Agent           *FAILED* [8024500C] Caller Service Recovery failed to opt in to service 855e8a7c-ecb4-4ca3-b045-1dfa50104289 (cV: GdfTDldxRUyC9aLL.2)
    2018/12/07 07:32:12.5318996 5316  9004  Agent           Failed to retrieve SLS response data for service 7971f918-a847-4430-9279-4a52d1efe18d, error = 0x8024500c
    2018/12/07 07:32:12.5319045 5316  9004  Agent           *FAILED* [8024500C] Caller UpdateOrchestrator failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d (cV: GdfTDldxRUyC9aLL.3)
    2018/12/07 07:32:12.5319174 5316  9004  Agent           *FAILED* [80248014] GetServiceObject couldn't find service '7971F918-A847-4430-9279-4A52D1EFE18D'.
    2018/12/07 07:32:12.5319205 5316  9004  Agent           *FAILED* [80248014] Method failed [CAgentServiceManager::GetServiceObject:1902]

Based on this article by Microsoft 2 of the IDs are MU (Microsoft Update) and Store. The WSUS ID (3DA21691....) Does not show up as pending nor does it have a key in there to even be checked.

The Group Policy setting show I have disabled all connection to the outside world since this system is not connected to the Internet. Group Policy

Finally there is the proof they are not pulling updates as updates from January have been approved and have yet to be pulled. They are not counting as needing them yet as the machines haven't check in in months. Updates

Still in search of more information to see why the systems are not connecting to the WSUS server. I have not made any firewall changes or configuration changes after the 1809 update so the update clearly broke communication.

wsus
asked on Server Fault Nov 28, 2018 by JukEboX

2 Answers

2

Looks like our bug report made it to the fix team and the April update has fixed this issue.

2019-04 Cumulative Update for Windows 10 Version 1809 or x64-based Systems (KB4493509)

This update once installed has reconnected my clients and updates are now coming back from WSUS. Hope this works in your environments as well.

answered on Server Fault Apr 24, 2019 by JukEboX
1

If you are using WSUS server 3.0 SP2 or lower, please make sure that the machine don’t enforce the SHA1 depriciation, as the update offered by WSUS 3.0 are SHA1 signed. A fix for WSUS server is due in February.

Some context information; https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus

answered on Server Fault Jan 26, 2019 by yagmoth555

User contributions licensed under CC BY-SA 3.0